1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include <errno.h>
17 #include <string.h>
18 #include <stdint.h>
19
20 #include <keystore/keystore.h>
21
22 #include <hardware/hardware.h>
23 #include <hardware/keymaster.h>
24
25 #include <openssl/evp.h>
26 #include <openssl/bio.h>
27 #include <openssl/rsa.h>
28 #include <openssl/err.h>
29 #include <openssl/x509.h>
30
31 #include <UniquePtr.h>
32
33 // For debugging
34 // #define LOG_NDEBUG 0
35
36 #define LOG_TAG "OpenSSLKeyMaster"
37 #include <cutils/log.h>
38
39 struct BIGNUM_Delete {
operator ()BIGNUM_Delete40 void operator()(BIGNUM* p) const {
41 BN_free(p);
42 }
43 };
44 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
45
46 struct EVP_PKEY_Delete {
operator ()EVP_PKEY_Delete47 void operator()(EVP_PKEY* p) const {
48 EVP_PKEY_free(p);
49 }
50 };
51 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
52
53 struct PKCS8_PRIV_KEY_INFO_Delete {
operator ()PKCS8_PRIV_KEY_INFO_Delete54 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
55 PKCS8_PRIV_KEY_INFO_free(p);
56 }
57 };
58 typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
59
60 struct DSA_Delete {
operator ()DSA_Delete61 void operator()(DSA* p) const {
62 DSA_free(p);
63 }
64 };
65 typedef UniquePtr<DSA, DSA_Delete> Unique_DSA;
66
67 struct EC_KEY_Delete {
operator ()EC_KEY_Delete68 void operator()(EC_KEY* p) const {
69 EC_KEY_free(p);
70 }
71 };
72 typedef UniquePtr<EC_KEY, EC_KEY_Delete> Unique_EC_KEY;
73
74 struct EC_GROUP_Delete {
operator ()EC_GROUP_Delete75 void operator()(EC_GROUP* p) const {
76 EC_GROUP_free(p);
77 }
78 };
79 typedef UniquePtr<EC_GROUP, EC_GROUP_Delete> Unique_EC_GROUP;
80
81 struct RSA_Delete {
operator ()RSA_Delete82 void operator()(RSA* p) const {
83 RSA_free(p);
84 }
85 };
86 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
87
88 struct Malloc_Free {
operator ()Malloc_Free89 void operator()(void* p) const {
90 free(p);
91 }
92 };
93
94 typedef UniquePtr<keymaster_device_t> Unique_keymaster_device_t;
95
96 /**
97 * Many OpenSSL APIs take ownership of an argument on success but
98 * don't free the argument on failure. This means we need to tell our
99 * scoped pointers when we've transferred ownership, without
100 * triggering a warning by not using the result of release().
101 */
102 template <typename T, typename Delete_T>
release_because_ownership_transferred(UniquePtr<T,Delete_T> & p)103 inline void release_because_ownership_transferred(UniquePtr<T, Delete_T>& p) {
104 T* val __attribute__((unused)) = p.release();
105 }
106
107 /*
108 * Checks this thread's OpenSSL error queue and logs if
109 * necessary.
110 */
logOpenSSLError(const char * location)111 static void logOpenSSLError(const char* location) {
112 int error = ERR_get_error();
113
114 if (error != 0) {
115 char message[256];
116 ERR_error_string_n(error, message, sizeof(message));
117 ALOGE("OpenSSL error in %s %d: %s", location, error, message);
118 }
119
120 ERR_clear_error();
121 ERR_remove_state(0);
122 }
123
wrap_key(EVP_PKEY * pkey,int type,uint8_t ** keyBlob,size_t * keyBlobLength)124 static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) {
125 /*
126 * Find the length of each size. Public key is not needed anymore
127 * but must be kept for alignment purposes.
128 */
129 int publicLen = 0;
130 int privateLen = i2d_PrivateKey(pkey, NULL);
131
132 if (privateLen <= 0) {
133 ALOGE("private key size was too big");
134 return -1;
135 }
136
137 /* int type + int size + private key data + int size + public key data */
138 *keyBlobLength = get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + privateLen +
139 sizeof(privateLen) + publicLen;
140
141 // derData will be returned to the caller, so allocate it with malloc.
142 UniquePtr<unsigned char, Malloc_Free> derData(
143 static_cast<unsigned char*>(malloc(*keyBlobLength)));
144 if (derData.get() == NULL) {
145 ALOGE("could not allocate memory for key blob");
146 return -1;
147 }
148 unsigned char* p = derData.get();
149
150 /* Write the magic value for software keys. */
151 p = add_softkey_header(p, *keyBlobLength);
152
153 /* Write key type to allocated buffer */
154 for (int i = sizeof(type) - 1; i >= 0; i--) {
155 *p++ = (type >> (8 * i)) & 0xFF;
156 }
157
158 /* Write public key to allocated buffer */
159 for (int i = sizeof(publicLen) - 1; i >= 0; i--) {
160 *p++ = (publicLen >> (8 * i)) & 0xFF;
161 }
162
163 /* Write private key to allocated buffer */
164 for (int i = sizeof(privateLen) - 1; i >= 0; i--) {
165 *p++ = (privateLen >> (8 * i)) & 0xFF;
166 }
167 if (i2d_PrivateKey(pkey, &p) != privateLen) {
168 logOpenSSLError("wrap_key");
169 return -1;
170 }
171
172 *keyBlob = derData.release();
173
174 return 0;
175 }
176
unwrap_key(const uint8_t * keyBlob,const size_t keyBlobLength)177 static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) {
178 long publicLen = 0;
179 long privateLen = 0;
180 const uint8_t* p = keyBlob;
181 const uint8_t* const end = keyBlob + keyBlobLength;
182
183 if (keyBlob == NULL) {
184 ALOGE("supplied key blob was NULL");
185 return NULL;
186 }
187
188 int type = 0;
189 if (keyBlobLength < (get_softkey_header_size() + sizeof(type) + sizeof(publicLen) + 1 +
190 sizeof(privateLen) + 1)) {
191 ALOGE("key blob appears to be truncated");
192 return NULL;
193 }
194
195 if (!is_softkey(p, keyBlobLength)) {
196 ALOGE("cannot read key; it was not made by this keymaster");
197 return NULL;
198 }
199 p += get_softkey_header_size();
200
201 for (size_t i = 0; i < sizeof(type); i++) {
202 type = (type << 8) | *p++;
203 }
204
205 for (size_t i = 0; i < sizeof(type); i++) {
206 publicLen = (publicLen << 8) | *p++;
207 }
208 if (p + publicLen > end) {
209 ALOGE("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
210 return NULL;
211 }
212
213 p += publicLen;
214 if (end - p < 2) {
215 ALOGE("private key truncated");
216 return NULL;
217 }
218 for (size_t i = 0; i < sizeof(type); i++) {
219 privateLen = (privateLen << 8) | *p++;
220 }
221 if (p + privateLen > end) {
222 ALOGE("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
223 return NULL;
224 }
225
226 Unique_EVP_PKEY pkey(EVP_PKEY_new());
227 if (pkey.get() == NULL) {
228 logOpenSSLError("unwrap_key");
229 return NULL;
230 }
231 EVP_PKEY* tmp = pkey.get();
232
233 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) {
234 logOpenSSLError("unwrap_key");
235 return NULL;
236 }
237
238 return pkey.release();
239 }
240
generate_dsa_keypair(EVP_PKEY * pkey,const keymaster_dsa_keygen_params_t * dsa_params)241 static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params) {
242 if (dsa_params->key_size < 512) {
243 ALOGI("Requested DSA key size is too small (<512)");
244 return -1;
245 }
246
247 Unique_DSA dsa(DSA_new());
248
249 if (dsa_params->generator_len == 0 || dsa_params->prime_p_len == 0 ||
250 dsa_params->prime_q_len == 0 || dsa_params->generator == NULL ||
251 dsa_params->prime_p == NULL || dsa_params->prime_q == NULL) {
252 if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL,
253 NULL) != 1) {
254 logOpenSSLError("generate_dsa_keypair");
255 return -1;
256 }
257 } else {
258 dsa->g = BN_bin2bn(dsa_params->generator, dsa_params->generator_len, NULL);
259 if (dsa->g == NULL) {
260 logOpenSSLError("generate_dsa_keypair");
261 return -1;
262 }
263
264 dsa->p = BN_bin2bn(dsa_params->prime_p, dsa_params->prime_p_len, NULL);
265 if (dsa->p == NULL) {
266 logOpenSSLError("generate_dsa_keypair");
267 return -1;
268 }
269
270 dsa->q = BN_bin2bn(dsa_params->prime_q, dsa_params->prime_q_len, NULL);
271 if (dsa->q == NULL) {
272 logOpenSSLError("generate_dsa_keypair");
273 return -1;
274 }
275 }
276
277 if (DSA_generate_key(dsa.get()) != 1) {
278 logOpenSSLError("generate_dsa_keypair");
279 return -1;
280 }
281
282 if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) {
283 logOpenSSLError("generate_dsa_keypair");
284 return -1;
285 }
286 release_because_ownership_transferred(dsa);
287
288 return 0;
289 }
290
generate_ec_keypair(EVP_PKEY * pkey,const keymaster_ec_keygen_params_t * ec_params)291 static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) {
292 Unique_EC_GROUP group;
293 switch (ec_params->field_size) {
294 case 192:
295 group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1));
296 break;
297 case 224:
298 group.reset(EC_GROUP_new_by_curve_name(NID_secp224r1));
299 break;
300 case 256:
301 group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
302 break;
303 case 384:
304 group.reset(EC_GROUP_new_by_curve_name(NID_secp384r1));
305 break;
306 case 521:
307 group.reset(EC_GROUP_new_by_curve_name(NID_secp521r1));
308 break;
309 default:
310 break;
311 }
312
313 if (group.get() == NULL) {
314 logOpenSSLError("generate_ec_keypair");
315 return -1;
316 }
317
318 EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);
319 EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);
320
321 /* initialize EC key */
322 Unique_EC_KEY eckey(EC_KEY_new());
323 if (eckey.get() == NULL) {
324 logOpenSSLError("generate_ec_keypair");
325 return -1;
326 }
327
328 if (EC_KEY_set_group(eckey.get(), group.get()) != 1) {
329 logOpenSSLError("generate_ec_keypair");
330 return -1;
331 }
332
333 if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) {
334 logOpenSSLError("generate_ec_keypair");
335 return -1;
336 }
337
338 if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {
339 logOpenSSLError("generate_ec_keypair");
340 return -1;
341 }
342 release_because_ownership_transferred(eckey);
343
344 return 0;
345 }
346
generate_rsa_keypair(EVP_PKEY * pkey,const keymaster_rsa_keygen_params_t * rsa_params)347 static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) {
348 Unique_BIGNUM bn(BN_new());
349 if (bn.get() == NULL) {
350 logOpenSSLError("generate_rsa_keypair");
351 return -1;
352 }
353
354 if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) {
355 logOpenSSLError("generate_rsa_keypair");
356 return -1;
357 }
358
359 /* initialize RSA */
360 Unique_RSA rsa(RSA_new());
361 if (rsa.get() == NULL) {
362 logOpenSSLError("generate_rsa_keypair");
363 return -1;
364 }
365
366 if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) ||
367 RSA_check_key(rsa.get()) < 0) {
368 logOpenSSLError("generate_rsa_keypair");
369 return -1;
370 }
371
372 if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) {
373 logOpenSSLError("generate_rsa_keypair");
374 return -1;
375 }
376 release_because_ownership_transferred(rsa);
377
378 return 0;
379 }
380
openssl_generate_keypair(const keymaster_device_t *,const keymaster_keypair_t key_type,const void * key_params,uint8_t ** keyBlob,size_t * keyBlobLength)381 __attribute__((visibility("default"))) int openssl_generate_keypair(
382 const keymaster_device_t*, const keymaster_keypair_t key_type, const void* key_params,
383 uint8_t** keyBlob, size_t* keyBlobLength) {
384 Unique_EVP_PKEY pkey(EVP_PKEY_new());
385 if (pkey.get() == NULL) {
386 logOpenSSLError("openssl_generate_keypair");
387 return -1;
388 }
389
390 if (key_params == NULL) {
391 ALOGW("key_params == null");
392 return -1;
393 } else if (key_type == TYPE_DSA) {
394 const keymaster_dsa_keygen_params_t* dsa_params =
395 (const keymaster_dsa_keygen_params_t*)key_params;
396 generate_dsa_keypair(pkey.get(), dsa_params);
397 } else if (key_type == TYPE_EC) {
398 const keymaster_ec_keygen_params_t* ec_params =
399 (const keymaster_ec_keygen_params_t*)key_params;
400 generate_ec_keypair(pkey.get(), ec_params);
401 } else if (key_type == TYPE_RSA) {
402 const keymaster_rsa_keygen_params_t* rsa_params =
403 (const keymaster_rsa_keygen_params_t*)key_params;
404 generate_rsa_keypair(pkey.get(), rsa_params);
405 } else {
406 ALOGW("Unsupported key type %d", key_type);
407 return -1;
408 }
409
410 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) {
411 return -1;
412 }
413
414 return 0;
415 }
416
openssl_import_keypair(const keymaster_device_t *,const uint8_t * key,const size_t key_length,uint8_t ** key_blob,size_t * key_blob_length)417 __attribute__((visibility("default"))) int openssl_import_keypair(const keymaster_device_t*,
418 const uint8_t* key,
419 const size_t key_length,
420 uint8_t** key_blob,
421 size_t* key_blob_length) {
422 if (key == NULL) {
423 ALOGW("input key == NULL");
424 return -1;
425 } else if (key_blob == NULL || key_blob_length == NULL) {
426 ALOGW("output key blob or length == NULL");
427 return -1;
428 }
429
430 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length));
431 if (pkcs8.get() == NULL) {
432 logOpenSSLError("openssl_import_keypair");
433 return -1;
434 }
435
436 /* assign to EVP */
437 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
438 if (pkey.get() == NULL) {
439 logOpenSSLError("openssl_import_keypair");
440 return -1;
441 }
442 release_because_ownership_transferred(pkcs8);
443
444 if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), key_blob, key_blob_length)) {
445 return -1;
446 }
447
448 return 0;
449 }
450
openssl_get_keypair_public(const struct keymaster_device *,const uint8_t * key_blob,const size_t key_blob_length,uint8_t ** x509_data,size_t * x509_data_length)451 __attribute__((visibility("default"))) int openssl_get_keypair_public(
452 const struct keymaster_device*, const uint8_t* key_blob, const size_t key_blob_length,
453 uint8_t** x509_data, size_t* x509_data_length) {
454
455 if (x509_data == NULL || x509_data_length == NULL) {
456 ALOGW("output public key buffer == NULL");
457 return -1;
458 }
459
460 Unique_EVP_PKEY pkey(unwrap_key(key_blob, key_blob_length));
461 if (pkey.get() == NULL) {
462 return -1;
463 }
464
465 int len = i2d_PUBKEY(pkey.get(), NULL);
466 if (len <= 0) {
467 logOpenSSLError("openssl_get_keypair_public");
468 return -1;
469 }
470
471 UniquePtr<uint8_t, Malloc_Free> key(static_cast<uint8_t*>(malloc(len)));
472 if (key.get() == NULL) {
473 ALOGE("Could not allocate memory for public key data");
474 return -1;
475 }
476
477 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
478 if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
479 logOpenSSLError("openssl_get_keypair_public");
480 return -1;
481 }
482
483 ALOGV("Length of x509 data is %d", len);
484 *x509_data_length = len;
485 *x509_data = key.release();
486
487 return 0;
488 }
489
sign_dsa(EVP_PKEY * pkey,keymaster_dsa_sign_params_t * sign_params,const uint8_t * data,const size_t dataLength,uint8_t ** signedData,size_t * signedDataLength)490 static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data,
491 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
492 if (sign_params->digest_type != DIGEST_NONE) {
493 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
494 return -1;
495 }
496
497 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
498 if (dsa.get() == NULL) {
499 logOpenSSLError("openssl_sign_dsa");
500 return -1;
501 }
502
503 unsigned int dsaSize = DSA_size(dsa.get());
504 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize)));
505 if (signedDataPtr.get() == NULL) {
506 logOpenSSLError("openssl_sign_dsa");
507 return -1;
508 }
509
510 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
511 if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) {
512 logOpenSSLError("openssl_sign_dsa");
513 return -1;
514 }
515
516 *signedDataLength = dsaSize;
517 *signedData = signedDataPtr.release();
518
519 return 0;
520 }
521
sign_ec(EVP_PKEY * pkey,keymaster_ec_sign_params_t * sign_params,const uint8_t * data,const size_t dataLength,uint8_t ** signedData,size_t * signedDataLength)522 static int sign_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params, const uint8_t* data,
523 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
524 if (sign_params->digest_type != DIGEST_NONE) {
525 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
526 return -1;
527 }
528
529 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
530 if (eckey.get() == NULL) {
531 logOpenSSLError("openssl_sign_ec");
532 return -1;
533 }
534
535 unsigned int ecdsaSize = ECDSA_size(eckey.get());
536 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(ecdsaSize)));
537 if (signedDataPtr.get() == NULL) {
538 logOpenSSLError("openssl_sign_ec");
539 return -1;
540 }
541
542 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
543 if (ECDSA_sign(0, data, dataLength, tmp, &ecdsaSize, eckey.get()) <= 0) {
544 logOpenSSLError("openssl_sign_ec");
545 return -1;
546 }
547
548 *signedDataLength = ecdsaSize;
549 *signedData = signedDataPtr.release();
550
551 return 0;
552 }
553
sign_rsa(EVP_PKEY * pkey,keymaster_rsa_sign_params_t * sign_params,const uint8_t * data,const size_t dataLength,uint8_t ** signedData,size_t * signedDataLength)554 static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data,
555 const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
556 if (sign_params->digest_type != DIGEST_NONE) {
557 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
558 return -1;
559 } else if (sign_params->padding_type != PADDING_NONE) {
560 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
561 return -1;
562 }
563
564 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
565 if (rsa.get() == NULL) {
566 logOpenSSLError("openssl_sign_rsa");
567 return -1;
568 }
569
570 UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength)));
571 if (signedDataPtr.get() == NULL) {
572 logOpenSSLError("openssl_sign_rsa");
573 return -1;
574 }
575
576 unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
577 if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) {
578 logOpenSSLError("openssl_sign_rsa");
579 return -1;
580 }
581
582 *signedDataLength = dataLength;
583 *signedData = signedDataPtr.release();
584
585 return 0;
586 }
587
openssl_sign_data(const keymaster_device_t *,const void * params,const uint8_t * keyBlob,const size_t keyBlobLength,const uint8_t * data,const size_t dataLength,uint8_t ** signedData,size_t * signedDataLength)588 __attribute__((visibility("default"))) int openssl_sign_data(
589 const keymaster_device_t*, const void* params, const uint8_t* keyBlob,
590 const size_t keyBlobLength, const uint8_t* data, const size_t dataLength, uint8_t** signedData,
591 size_t* signedDataLength) {
592 if (data == NULL) {
593 ALOGW("input data to sign == NULL");
594 return -1;
595 } else if (signedData == NULL || signedDataLength == NULL) {
596 ALOGW("output signature buffer == NULL");
597 return -1;
598 }
599
600 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
601 if (pkey.get() == NULL) {
602 return -1;
603 }
604
605 int type = EVP_PKEY_type(pkey->type);
606 if (type == EVP_PKEY_DSA) {
607 const keymaster_dsa_sign_params_t* sign_params =
608 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
609 return sign_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params), data,
610 dataLength, signedData, signedDataLength);
611 } else if (type == EVP_PKEY_EC) {
612 const keymaster_ec_sign_params_t* sign_params =
613 reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
614 return sign_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params), data,
615 dataLength, signedData, signedDataLength);
616 } else if (type == EVP_PKEY_RSA) {
617 const keymaster_rsa_sign_params_t* sign_params =
618 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
619 return sign_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params), data,
620 dataLength, signedData, signedDataLength);
621 } else {
622 ALOGW("Unsupported key type");
623 return -1;
624 }
625 }
626
verify_dsa(EVP_PKEY * pkey,keymaster_dsa_sign_params_t * sign_params,const uint8_t * signedData,const size_t signedDataLength,const uint8_t * signature,const size_t signatureLength)627 static int verify_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params,
628 const uint8_t* signedData, const size_t signedDataLength,
629 const uint8_t* signature, const size_t signatureLength) {
630 if (sign_params->digest_type != DIGEST_NONE) {
631 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
632 return -1;
633 }
634
635 Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey));
636 if (dsa.get() == NULL) {
637 logOpenSSLError("openssl_verify_dsa");
638 return -1;
639 }
640
641 if (DSA_verify(0, signedData, signedDataLength, signature, signatureLength, dsa.get()) <= 0) {
642 logOpenSSLError("openssl_verify_dsa");
643 return -1;
644 }
645
646 return 0;
647 }
648
verify_ec(EVP_PKEY * pkey,keymaster_ec_sign_params_t * sign_params,const uint8_t * signedData,const size_t signedDataLength,const uint8_t * signature,const size_t signatureLength)649 static int verify_ec(EVP_PKEY* pkey, keymaster_ec_sign_params_t* sign_params,
650 const uint8_t* signedData, const size_t signedDataLength,
651 const uint8_t* signature, const size_t signatureLength) {
652 if (sign_params->digest_type != DIGEST_NONE) {
653 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
654 return -1;
655 }
656
657 Unique_EC_KEY eckey(EVP_PKEY_get1_EC_KEY(pkey));
658 if (eckey.get() == NULL) {
659 logOpenSSLError("openssl_verify_ec");
660 return -1;
661 }
662
663 if (ECDSA_verify(0, signedData, signedDataLength, signature, signatureLength, eckey.get()) <=
664 0) {
665 logOpenSSLError("openssl_verify_ec");
666 return -1;
667 }
668
669 return 0;
670 }
671
verify_rsa(EVP_PKEY * pkey,keymaster_rsa_sign_params_t * sign_params,const uint8_t * signedData,const size_t signedDataLength,const uint8_t * signature,const size_t signatureLength)672 static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params,
673 const uint8_t* signedData, const size_t signedDataLength,
674 const uint8_t* signature, const size_t signatureLength) {
675 if (sign_params->digest_type != DIGEST_NONE) {
676 ALOGW("Cannot handle digest type %d", sign_params->digest_type);
677 return -1;
678 } else if (sign_params->padding_type != PADDING_NONE) {
679 ALOGW("Cannot handle padding type %d", sign_params->padding_type);
680 return -1;
681 } else if (signatureLength != signedDataLength) {
682 ALOGW("signed data length must be signature length");
683 return -1;
684 }
685
686 Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
687 if (rsa.get() == NULL) {
688 logOpenSSLError("openssl_verify_data");
689 return -1;
690 }
691
692 UniquePtr<uint8_t[]> dataPtr(new uint8_t[signedDataLength]);
693 if (dataPtr.get() == NULL) {
694 logOpenSSLError("openssl_verify_data");
695 return -1;
696 }
697
698 unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
699 if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
700 logOpenSSLError("openssl_verify_data");
701 return -1;
702 }
703
704 int result = 0;
705 for (size_t i = 0; i < signedDataLength; i++) {
706 result |= tmp[i] ^ signedData[i];
707 }
708
709 return result == 0 ? 0 : -1;
710 }
711
openssl_verify_data(const keymaster_device_t *,const void * params,const uint8_t * keyBlob,const size_t keyBlobLength,const uint8_t * signedData,const size_t signedDataLength,const uint8_t * signature,const size_t signatureLength)712 __attribute__((visibility("default"))) int openssl_verify_data(
713 const keymaster_device_t*, const void* params, const uint8_t* keyBlob,
714 const size_t keyBlobLength, const uint8_t* signedData, const size_t signedDataLength,
715 const uint8_t* signature, const size_t signatureLength) {
716
717 if (signedData == NULL || signature == NULL) {
718 ALOGW("data or signature buffers == NULL");
719 return -1;
720 }
721
722 Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
723 if (pkey.get() == NULL) {
724 return -1;
725 }
726
727 int type = EVP_PKEY_type(pkey->type);
728 if (type == EVP_PKEY_DSA) {
729 const keymaster_dsa_sign_params_t* sign_params =
730 reinterpret_cast<const keymaster_dsa_sign_params_t*>(params);
731 return verify_dsa(pkey.get(), const_cast<keymaster_dsa_sign_params_t*>(sign_params),
732 signedData, signedDataLength, signature, signatureLength);
733 } else if (type == EVP_PKEY_RSA) {
734 const keymaster_rsa_sign_params_t* sign_params =
735 reinterpret_cast<const keymaster_rsa_sign_params_t*>(params);
736 return verify_rsa(pkey.get(), const_cast<keymaster_rsa_sign_params_t*>(sign_params),
737 signedData, signedDataLength, signature, signatureLength);
738 } else if (type == EVP_PKEY_EC) {
739 const keymaster_ec_sign_params_t* sign_params =
740 reinterpret_cast<const keymaster_ec_sign_params_t*>(params);
741 return verify_ec(pkey.get(), const_cast<keymaster_ec_sign_params_t*>(sign_params),
742 signedData, signedDataLength, signature, signatureLength);
743 } else {
744 ALOGW("Unsupported key type %d", type);
745 return -1;
746 }
747 }
748